General

  • Target

    b4c10799213a8c9d897e0308aa081d4e

  • Size

    1.3MB

  • Sample

    240305-p8hfwagc57

  • MD5

    b4c10799213a8c9d897e0308aa081d4e

  • SHA1

    3e8c1cef0003df477bc9eb06766b583b7907270f

  • SHA256

    18b6270f3c007da456cb90681675d76c1495e2cc6c1be1965ffb4c12026b0921

  • SHA512

    cb6243e1ef251cad4f6b2366805372a56f14cb77d617fa81b694c536ce32e2d18f1acd3a683a84729b10831a14a5bff6315b015b76a08e22ed358c5b269debb1

  • SSDEEP

    12288:5MMpXKb0hNGh1kG0HWnALbgMMpXKb0hNGh1kG0HWnALbXU:5MMpXS0hN0V0HkMMpXS0hN0V0HQ

Malware Config

Targets

    • Target

      b4c10799213a8c9d897e0308aa081d4e

    • Size

      1.3MB

    • MD5

      b4c10799213a8c9d897e0308aa081d4e

    • SHA1

      3e8c1cef0003df477bc9eb06766b583b7907270f

    • SHA256

      18b6270f3c007da456cb90681675d76c1495e2cc6c1be1965ffb4c12026b0921

    • SHA512

      cb6243e1ef251cad4f6b2366805372a56f14cb77d617fa81b694c536ce32e2d18f1acd3a683a84729b10831a14a5bff6315b015b76a08e22ed358c5b269debb1

    • SSDEEP

      12288:5MMpXKb0hNGh1kG0HWnALbgMMpXKb0hNGh1kG0HWnALbXU:5MMpXS0hN0V0HkMMpXS0hN0V0HQ

    • Modifies WinLogon for persistence

    • Renames multiple (91) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks